How to make bind force clients to connect via TCP only?

Mnemosyne

1/29/23, 12:54 AM

I want to set up an experimental nameserver that asks clients to send requests via TCP only by sending back packets with the TC bit set. For that purpose I tried to work with the rate-limit parameter in the named.conf.options file but I couldnt make it work. I set:

    rate-limit {
            responses-per-second 1;
            slip 0;
    };

But if I make a dig request for an RR, the reply I get back does not have the TC bit set nor is it via tcp, it is still a udp packet. How do I force my server to only interact with tcp connections?

I am using bind9 and my OS is Ubuntu 20.04

0 + 0

domain-name-system

bind

tcp

Patrick Mevzek

1/29/23, 3:50 AM

The bind RRL feature is here to combat abuse by too many queries, so it won't be triggered by a single one. "How do I force my server to only interact with tcp connections?" You won't be compliant anymore but for local tests it is fine: just drop UDP traffic. A client (but it depends which one) may then try again by using TCP. Have a look also maybe at `dnsdist` as a frontend, it has more elaborate engine to control the reply.

Mnemosyne

1/29/23, 10:39 AM

hello Patrick, do you mean changing the iptables to drop all incoming UDP packets? Is there no other less drastic alternative perhaps?

Patrick Mevzek

1/29/23, 2:58 PM

Yes, I meant that, and obviously it makes it not DNS compliant anymore, so not good for production. I have no other ideas besides what I wrote in my comment above, let us wait for others to provider other possible ideas as answers.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to make bind force clients to connect via TCP only?

TH: จะทำให้ไคลเอ็นต์ผูกมัดเชื่อมต่อผ่าน TCP เท่านั้นได้อย่างไร

RO: Cum să obligeți clienții să se conecteze numai prin TCP?

RU: Как заставить клиентов связываться только через TCP?

VI: How to make bind force clients to connect via TCP only?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.